PHPDeveloper.orghttp://www.phpdeveloper.org
Up-to-the Minute PHP News, views and communityen-usTue, 03 Mar 2015 14:30:56 -060030http://www.phpdeveloper.org/news/22258http://www.phpdeveloper.org/news/22258
On the SitePoint PHP blog today David Brumbaugh shows you how to encrypt large messages with phpseclib and asymmetric keys. phpseclib is a PHP library specifically designed to handle encryption and decryption in an easy-to-use way.

Most of us understand the need to encrypt sensitive data before transmitting it. Encryption is the process of translating plaintext (i.e. normal data) into ciphertext (i.e. secret data). During encryption, plaintext information is translated to ciphertext using a key and an algorithm. To read the data, the ciphertext must be decrypted (i.e. translated back to plaintext) using a key and an algorithm. [...] A core problem to be solved with any encryption algorithm is key distribution. How do you transmit keys to those who need them in order to establish secure communication? The solution to the problem depends on the nature of the keys and algorithms.

He talks some about the difference between symmetric and asymmetric algorithms and some advice about the selection of the right one (or ones) to use in your app. He also talks briefly about the problem with RSA keys, mostly that it has limits on the amount of text it can encrypt. His solution is to "encrypt the message with a symmetric key, then asymmetrically encrypt the key and attach it to the message". He explains the encryption/decryption process step by step and starts in showing the code to make phpseclib do the work. He shows how to generate the keys, build the encrypt function and the decrypt function with about 30 lines of code each.

Link: http://www.sitepoint.com/encrypt-large-messages-asymmetric-keys-phpseclib/]]>Tue, 20 Jan 2015 11:40:51 -0600http://www.phpdeveloper.org/news/22103http://www.phpdeveloper.org/news/22103
In his latest post Stanislav Malyshev looks at a RFC he's proposed to allow array keys to be objects including some of his thoughts behind the proposal and how he sees it being helpful to the language.

I'm going to put to vote soon another of my RFCs, namely one about "objects as keys". So, I want to outline the case for it here and address some criticisms and questions raised while discussing it.

He starts off by answering the "why" question, mentioning specially the introduction of things like GMP numbers and how, despite them seeming to work like numbers, other things can be done with them. He talks about how you'd use this functionality "the right way" and how that'd relate back to value objects. He answers a few other questions about the proposal including why it's better than just using __toString or spl_object_hash instead. He spends the rest of the post looking at some of the implementation problems, disadvantages and some of the possible names (function names) for the handling.

Link: http://php100.wordpress.com/2014/12/14/objects-as-keys/]]>Mon, 15 Dec 2014 09:18:50 -0600http://www.phpdeveloper.org/news/21349http://www.phpdeveloper.org/news/21349
The WebLessons.info site has a new tutorial posted showing you how to use the LinkedIn authentication handling to allow your users to log in with their own account information.

LinkedIn is a business-oriented social networking service. It is mainly used for professional networking. So if you are having an application or website that serves working professionals then its very important for you to implement login with LinkedIn in your application. By this way you can able to access the data of your users like email, work history, education etc. So now let's dive into the coding part.

They walk you through the various steps, providing screenshots or code where applicable:

Creating a LinkedIn Application

Get the API Key and Secret Key

Create the database and set up the PHP configuration to connect

finally, the PHP code for the login form and making the request to LinkedIn

A live demo can be found here (but if you're paranoid about your credentials, I wouldn't use it) and you can download all files included in the tutorial.

Link: http://weblessons.info/2014/06/25/login-with-linkedin-tutorial-php/]]>Wed, 25 Jun 2014 10:47:16 -0500http://www.phpdeveloper.org/news/20514http://www.phpdeveloper.org/news/20514
In a new post to his site Ulf Wendel shows an alternative use for the PHP Memcache functions - using them to query MySQL tables (InnoDB) in much the same way. He also tosses in Redis as another version to compare the performance against (for fetching key/value pairs).

PHP users can use two client protocols to query MySQL 5.6 and later. Not only standard SQL access but also faster key-value access to InnoDB tables is possible using the Memcache protocol. The MySQL benchmark team reports crazy figures. Of course, on hardware that makes the average PHP meetup visitor roll his eyes and say "yeah, Oracle, *yawn*…". I've repeated my plain PHP benchmarks on an i3 desktop. And, I've added Redis to the game.

He goes through and compares a few different things with some simple benchmarks around operations per second:

MySQL 5.6 Memcache vs. MySQL 5.7 Memcache vs. Memcache vs. SQL

MySQL vs. Memcache vs. Redis

For each he's graphed out the results of the benchmarking with some surprising results for those that may thing MySQL isn't as suited as Redis for something like this.

Link: http://blog.ulf-wendel.de/2013/using-phps-memcache-interface-to-query-mysql-5-7/]]>Fri, 13 Dec 2013 12:56:50 -0600http://www.phpdeveloper.org/news/19985http://www.phpdeveloper.org/news/19985
Jerermy Kendall has written up a post for his site showing the use of his QueryAuth library for API authentication, complete with plenty of examples. The library makes it simple to sign and verify requests based on a key, secret and parameters given.

Most APIs require some sort of query authentication: a method of signing API requests with an API key and signature. The signature is usually generated using a shared secret. When you're consuming an API, there are (hopefully) easy to follow steps to create signatures. When you're writing your own API, you have to whip up both server-side signature validation and a client-side signature creation strategy. Query Auth endeavors to handle both of those tasks; signature creation and signature validation.

He includes code examples showing how to create a signed request, validate the signature from an incoming request and generate randomized keys and secrets. He's also created a sample implementation as a Vagrant box that sets up a Slim framework based application and uses Guzzle to make requests. He briefly looks at some of the code that makes it work and what the raw HTTP request and response look like for the result.

Link: http://jeremykendall.net/2013/08/13/api-query-authentication-with-query-auth]]>Thu, 15 Aug 2013 09:41:46 -0500http://www.phpdeveloper.org/news/19593http://www.phpdeveloper.org/news/19593
In a new post to his site Bob Majdak looks at using SQL in PHP and some of the challenges he's come across (some of them with his own tools). He talks about things line inline SQL, loading SQL by unique key or creating a "build object".

There is no right or wrong way, but no matter what there is no *pretty* way to do SQL inside of a PHP application. I have been having a personal debate with myself all week about how to make SQL statements nicer in an application without going to a huge DBAL package like Doctrine.

He looks at each idea and provides some of the pros and cons about each of them, noting that he hasn't quite decided on which is the best method. Some sample code is included to help clarify the points, showing the "find by unique key" version and how a more complex query might be created with the "builder object."

Link: http://catch404.net/2013/05/on-sql-in-php]]>Thu, 16 May 2013 10:11:29 -0500http://www.phpdeveloper.org/news/18275http://www.phpdeveloper.org/news/18275
In this new tutorial on the Script-Tutorials.com site, they show you how to use the Google API (and OAuth) to access contacts information from your Gmail account.

In our new tutorial I am going to tell you about inviting friends. I think that this is the most important part for every website, a key to success. Today I will show you how to create simple and effective Gmail contact importer using OAuth authorization and API. Also, I will tell about obtaining Google API access too.

Screenshots show you how to get to the access token information you'll need to connect and the full code is included to help you get authenticated and pull down the contacts list to display in the page's HTML output.

In all the countless hours I've spent with php, I've maybe used three or four of these sorting functions. I really had no idea that there is a total of eleven functions used for sorting arrays. Anyway, I'm betting that it may be useful to have these memorized before I take the Zend PHP Certification Exam so here is a brief overview of each one.

He talks about the various flags that can be used in the sorting (for regular, numeric, string and locale-based string handling) and the parameters to call for normal sorting, "natural" sorting, reverse key sorting and others. You can find specifics on these array sorting methods in the PHP manual.

His code just fleshes out the server portion of the provider, not all of the token generation and key handling it'll need on the backend - that'll still be the job of your scripts. You can find the library over on github in his Zend_OAuth_Provider repository.

]]>Mon, 29 Aug 2011 10:41:18 -0500http://www.phpdeveloper.org/news/16448http://www.phpdeveloper.org/news/16448
Tim Lytle has written up a new tutorial for the Zend Developer Zone talking about OAuth and making one of the more difficult parts - getting an access token - a bit simpler using a command-line application.

OAuth is great - there's no need to save users' passwords, it's - in theory - a consistent way to interact with other services, and it's hopefully something that your users are familiar and comfortable using. But if you're not just interacting with your users' accounts - for example, your application uses a single account on a service to broadcast messages, or analyze data - getting or renewing the access token can be painful.

He illustrates the problem with an example connecting to Twitter and even points out a script that makes bridging this gap simpler. Unfortunately, it's not exactly what he needed, so he reworked the idea with a call to the Twitter API using a Zend_Oauth_Consumer and a custom callback. The script is then set up with some command line options for inputting the key and secret information. Also included is functionality letting you define a configuration file. You can see the final result here on github.